Full-Time Senior Compliance Risk Specialist

Job Title: Senior Compliance and Risk Specialist

Job Type: Permanent, Full-Time

Job Location: Canada

Work Model: Remote

Position SummaryAs a Senior Compliance and Risk Specialist at CBN, you will be responsible for leading compliance initiatives, conducting risk assessment and remediation activities, and developing security strategies for CBN systems deployed in Canada, the United States and Europe.

Responsibilities

1. Compliance InitiativesLead current ISO 27001, SOC 2, and PCI compliance initiatives for systems in Canada, US, and Europe. Examine existing initiatives and engage business stakeholders and customers to establish a strategy for handling compliance-at-scale for both compliance-focused and cost-sensitive markets.
2. Security StrategySpearhead initiatives to identify, investigate, and improve security risks within CBN Operations Global Infrastructure. Design and deliver security strategies, produce architectural models, detailed assessments, and present reports to meet Canada/US and global security requirements. Research and deliver tooling and strategies for CBN’s AppSec program to address risk assessments in an automated fashion at scale.
3. Risk Assessment and RemediationConduct Risk Assessments within customer systems to quickly assess associated risks, recommend actions, and develop plans for remediation. Understand the risk/compliance gaps in our global systems, articulate a vision, and work across teams to get us there.
4. Stakeholder EngagementTake an active role in educating customers, executives, stakeholders, infrastructure personnel, and developers on best practices for security. Build relationships with stakeholders across groups to understand assessment needs, advise on how it should be handled, and the associated notification process.
5. Various other Duties and Responsibilities

Knowledge and Experience

EducationBachelor’s degree in Computer Science, Information Technology or related field or an equivalent combination of relevant education and additional work experience

Certification(s)One (or more) of NIST800-53, ISO27001, SOC2 (Type I and II), FedRamp, StateRamp SANA, ISACA or GIAC is an asset

KnowledgeCompliance standards, frameworks and tools Threat and risk management principles and methodologies Risk assessment practices and methodologies

Experience8+ years of direct experience in a compliance, auditing and/or risk position 3+ years of experience developing/delivering compliance assessments Experience using structured approaches to risk assessment (e.g. HTRA, TRA, ITSG-33, CSF, FSIR, STAR) Experience using Unified Compliance Frameworks and GRC tools Experience with Azure/AWS compliance is an asset

Technical SkillsProficiency with MS 365 Copilot Presentation skills

Soft Skills and CompetenciesCritical thinking skills Analysis, problem solving Interpersonal skills Communication, relationship building, teamwork and collaboration Organization/time management/prioritization skills Adaptable Growth mindset

Mandatory Requirements

• Language(s): Fluency in English (reading, writing, speaking)
• Travel: Ability to travel domestically and/or internationally (passport required) approx. 1-2 weeks/year

Additional InformationCanadian Bank Note Company (CBN) is committed to fostering a diverse and inclusive workplace where all employees are treated with dignity and respect. We are proud to be an equal opportunity employer and do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity, or any other legally protected status.

What is the last date for applying to the job?

Which countries are accepted for this remote job?